Introduction to DNS

Hi Rene, I would like to know why, in the example of opening the web page… the DNS request uses UDP instead of TCP?
Thank you

Hi Raul,

DNS supports both UDP and TCP but we typically only use TCP for zone transfers.

One of the advantages of UDP is that it’s faster since it’s connectionless. A DNS server doesn’t have to establish a TCP connection with each client that does a DNS request. With UDP, it just gets a DNS request, sends a response and it’s done.
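Added example, not part of the original reply: the same DNS query prepared for both transports. Over UDP the message is the whole datagram; over TCP the message is preceded by a 2-byte length field and can only be sent once a connection exists. The name `www.example.com` and the transaction ID are constructed sample values.

```python
import struct

def encode_qname(name):
    """Encode a hostname as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid, qtype=1):
    """Return a DNS query message: 12-byte header plus one question."""
    flags = 0x0100  # standard query with the "recursion desired" bit set
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question

def frame_for_tcp(message):
    """Over TCP each DNS message is preceded by a 2-byte length field."""
    return struct.pack("!H", len(message)) + message

def parse_question(message):
    """Parse the header and first question of a query (no name compression)."""
    txid, flags, qdcount = struct.unpack("!HHH", message[:6])
    labels, pos = [], 12
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return {"txid": txid, "rd": bool(flags & 0x0100), "qdcount": qdcount,
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}

# Constructed sample: an A-record query for a reserved documentation name.
# The transaction ID is fixed here only so the output is reproducible.
QUERY = build_query("www.example.com", txid=0x1A2B)
UDP_PAYLOAD = QUERY                # one datagram, no handshake, no framing
TCP_STREAM = frame_for_tcp(QUERY)  # same message behind a 2-byte length

if __name__ == "__main__":
    print(len(UDP_PAYLOAD), len(TCP_STREAM), parse_question(QUERY))
```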


Hey Rene,

It’d be great if you can give some detailed insight on how a DNS query is resolved. Maybe an example would help.

Cheers!


Hi Kunj,

Would you like to see a packet capture of a query/response or do you mean how the lookup is done from client to DNS server 1 > DNS server 2, etc.?


Hi Rene,

Can you explain different DNS record types and zones please.

Hi Inderpreet,

DNS allows us to use zones. A zone stores information about the domain. When you register a domain name, you have to tell the registrar which DNS servers you want to use for your domain name.

On the DNS server that is responsible for your domain (zone) you can create different records.

Let me give you a short overview of the different records:

  • A: the A record is used to store the IP address of a name. For example, refers to "".
  • AAAA: this is the same as the A record but it's used for IPv6 addresses.
  • CNAME: the CNAME record is an alias for an A record. For example, I could use CNAME as an alias for
  • MX: the MX record is used to store the hostname for the mailserver. For example, I could use this to tell that is the mail server for this domain name. You will need an A record for


Hi Rene,

Can you explain why we need the /etc/hosts file? What happens if we do not have any entries in it?

Hi Shree Kumar,

The hosts file is used for static IP to HOSTNAME mappings. Normally it is used to configure the hostname of the local computer.

For all other IP-to-HOSTNAME lookups, we use a DNS server. Any application that requires the local hostname might fail if your hosts file is empty.



Can you explain the steps a computer takes when it’s behind a switch, that’s behind a router, when it sends a request to reach I’m talking DNS, ARP, routing, and what order they happen? Just as much detail as possible. I am trying to figure out the order of operations.

Thank you!

Hi Shawn O,

In case your PC doesn’t have the MAC address of the gateway IP (which is the internal interface of the router) inside its ARP table, then it will issue an ARP request. With the ARP request, it will receive the MAC address from the router so it can start sending the packet. You can check this on the PC by going to the command line and typing the command “arp -a”.

Then the packet will go to the router, which in turn sends it to the ISP DNS server for the IP to domain name mapping. Once the IP of is known, then the route of the packet happens to reach the web server of Google.

Hope I could answer your question.

Hi Maher,

How does this PC know that the request to reach needs to be sent to the ISP DNS server instead of the local DNS server?
How does this PC know the IP address of the ISP DNS server?

Whijoon Yim,

Hi @whijoon

On your computer, you have to configure the DNS server manually or you receive it through the DHCP server:

You could configure the DNS server of your ISP or anything else ( is Google DNS).

It’s also possible that you see the IP address of your local router here. Most SOHO routers will act as a “proxy” / simple DNS server for your computers. When it receives a DNS request, it will forward it to the ISP DNS servers to figure out the IP address that belongs to the hostname. This is then returned to the computer.


Please help me to understand this!

Hi Pratap,

This is a list of the DNS root servers:

The root servers answer requests for the root zone which contains all top-level domains (TLD) like .com, .net, etc.

You can take a closer look at each of these here:

Here is an example (without caching):

  • From your computer, you do a lookup for
  • Your computer forwards the request to the ISP DNS server.
  • If the ISP DNS server doesn’t have an answer, it queries one of the root servers to ask which DNS servers are responsible for the .com TLD.
  • The ISP DNS server sends a request to the .com TLD name server.
  • The .com TLD name server answers which authoritative server is responsible for the domain name.
  • The ISP DNS server now asks the authoritative server for the IP address of and gets the IP address.
  • The ISP DNS answers your computer with the IP address.

As you can see, these root servers are important. Hope this helps!
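Added example, not part of the original reply: the lookup steps above as a small offline simulation of what the ISP resolver does without a cache. The server names, the delegation table and the address are constructed sample data (`example.com` and `192.0.2.0/24` are reserved for documentation), and the cap on referrals is an assumption added so a broken delegation cannot loop forever.

```python
# Constructed sample data: three servers, each knowing only its own part.
SERVERS = {
    "root": {"referrals": {"com.": "tld-com"}},
    "tld-com": {"referrals": {"example.com.": "auth-example"}},
    "auth-example": {"answers": {"www.example.com.": "192.0.2.10"}},
}

def ask(server, qname):
    """Send one query to one server.

    Returns ("answer", ip), ("referral", next_server) or ("nxdomain", None).
    """
    data = SERVERS[server]
    if qname in data.get("answers", {}):
        return ("answer", data["answers"][qname])
    best = None
    for zone, target in data.get("referrals", {}).items():
        # A delegation applies when qname is the zone or lies below it;
        # the longest matching zone is the most specific one.
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, target)
    if best is not None:
        return ("referral", best[1])
    return ("nxdomain", None)

def resolve(qname, max_referrals=8):
    """Start at the root and follow referrals until a server answers."""
    server, trace = "root", []
    for _ in range(max_referrals):
        kind, value = ask(server, qname)
        trace.append((server, kind, value))
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value  # referral: ask the next server down the tree
    raise RuntimeError("too many referrals for %s" % qname)

if __name__ == "__main__":
    ip, steps = resolve("www.example.com.")
    for step in steps:
        print(step)
    print("answer returned to the client:", ip)
```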


Hello, if you create your own DNS server on your router with the #ip host [name] [ip address].

for example
#ip host [bob1] []

But if I type the command no ip domain-lookup I'm still able to type #ping bob1 and the ping works. The IP address is on a remote network.

I believe that no ip domain-lookup turns off the ability for the router to look up and resolve domain names. But in this case it does not?


Regards Lars

Hello Lars

The ip host command is used to define static hostname to IP address mappings in the DNS hostname cache of the local device. This means that any time a domain name is used instead of an IP address, that mapping will be checked first, before any external DNS, if configured. This is kind of analogous to the “hosts” file found in Windows systems.

By typing the command no ip domain-lookup, you are disabling the lookup on an external DNS server, however, you are not disabling the lookup in the statically defined mappings. According to the following Cisco documentation:

In order to use this service to map domain names to IP addresses, you must specify a name server.

So a prerequisite to the mappings functioning is that a name server be specified, even if the domain lookup is disabled.

I hope this has been helpful!



Hi, resolving to multiple IP addresses?
Let’s say the server with the IP is down, then how will the client choose the second IP address?

Hello Sims

A DNS record can point to multiple IP addresses for the same domain name. If you do an nslookup for various well-known DNS addresses, you will find some that return multiple IPv4 or IPv6 addresses. Even returns multiple IP addresses.

When a web browser, or any computer application, makes a request to, the host will try communication with the returned IP addresses one by one, until a response is received. This way, if one address fails, the next one in line will be attempted until successful.

I hope this has been helpful!


Could you explain a bit about how DNS-SD works, please? I’m guessing you need to configure the authoritative domain server to advertise services into the domain, but presumably the clients on the network will also need to know what services to ask for? I know I ought to build myself a DNS server to see exactly what’s going on, but don’t quite know where to start… Would you still need a recursive resolver on the network to hand communicate directly with the client, which then in turn talks to the authoritative name server? The network I have in mind will not be connected to the outside world so doesn’t need to know how to get to anything else on the internet.
Regards, Hild

Hello Hild

DNS-SD is a way of using standard DNS programming interfaces, servers, and packet formats to browse the network for services. You can find detailed information about how it works and how it can be configured within a Cisco environment at the following documentation:

I hope this has been helpful!